1. Technical Field
Embodiments of the present application generally relate to a computer security system and, more particularly, to a method and apparatus for mitigating software vulnerabilities.
2. Description of the Related Art
People use software programs (e.g., processor-executable instructions) to perform various computer tasks. For example, individuals and organizations create content (e.g., documents, multimedia data and/or the like) for publication in selected data sources (e.g., news sources, scientific paper databases, Internet websites and/or the like). These documents are also distributed by owners to one or more recipients for various purposes. For example, people create documents in a Portable Document Format (PDF) file. PDF is an open standard for document exchange created by Adobe Systems of San Jose, Calif.
As another example, people use various software programs to create and distribute multimedia data (e.g., video and/or audio data). Some software programs are components of an enterprise software application. For example, conventional video authoring software (i.e., ADOBE® PREMIERE® ELEMENTS where PREMIERE is a registered trademark of Adobe Systems Incorporated of San Jose, Calif.) employs various plug-ins to produce and/or edit the multimedia data. Rich Internet Applications (RIAs) provide interactive functionality for the multimedia data. Consequently, RIAs have become a very popular multimedia presentation tool on websites throughout the Internet.
An RIA typically is a collection of multimedia data that is wrapped within programming code to be executed by a playback routine. For example, some RIAs may comprise animations, interfaces, games, video clips, audio clips, and/or other interactive or passive content (referred to herein as “rich Internet content”). In addition, an RIA typically includes software code to instruct a playback routine (referred to as an “RIA Player”) how to display and progress through the content of the RIA. One such RIA Player is a FLASH® player (FLASH is a registered trademark of Adobe Systems Incorporated) that executes an RIA in the form of a SWF file to present rich Internet content to a viewer. The SWF file format is defined by the SWF File Format specification (version 10) as published, at http://www.adobe.com/devnet/swf/pdf/swf_file_format_spec_v10.pdf, by Adobe Systems Incorporated of San Jose, Calif.
When a software provider receives information that a software application has been compromised, the source of such information, as well as the cause of such a compromise, may be located in any part of the world. The software provider has no option but to release a new patch for world-wide distribution. This diminishes potential and/or actual market reputation. If, however, the software program is compromised only in certain geographic regions of the world (i.e., only a certain percentage of software users are affected), then customer feedback is less negative. Because world-wide patches are released some time after the vulnerability is discovered, an instant solution is not available.
One of the causes of such software vulnerabilities is the use of a defective API (Application Programming Interface). By calling and executing the compromised software code, each plug-in has the same vulnerability on every computer. A plug-in is a set of software programs that adds or extends specific capabilities of a larger software application. A plug-in may include one or more files, such as DLL (Dynamic Link Library) files. If supported, plug-ins enable customization of existing application functionality. For example, plug-ins are commonly used in web browsers to play video, scan for viruses, and display new file types. As another example, ADOBE® plug-ins add the capability of executing and/or displaying new file types inside a web browser, such as a Firefox web browser.
Therefore, there is a need in the art for a method and apparatus for mitigating software vulnerabilities.